From: Aurelien Jarno <aurelien@aurel32.net>
Date: Sat, 16 Jan 2016 17:25:48 +0000 (+0100)
Subject: buildds: force SHA512 signatures
X-Git-Url: https://git.adam-barratt.org.uk/?a=commitdiff_plain;h=03cbffa15f74f0aae25c7bc9b3e69b20b54926a0;p=mirror%2Fdsa-puppet.git

buildds: force SHA512 signatures

Provide a ~/.gnupg/gpg.conf on the buildds to force SHA512 signatures.
Otherwise gpg still uses to SHA1 by default...

Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
---

diff --git a/modules/buildd/manifests/init.pp b/modules/buildd/manifests/init.pp
index b58bd01d1..7b22eae1e 100644
--- a/modules/buildd/manifests/init.pp
+++ b/modules/buildd/manifests/init.pp
@@ -179,6 +179,17 @@ class buildd ($ensure=present) {
 		group   => buildd,
 		owner   => buildd,
 	}
+	file { '/home/buildd/.gnupg':
+		ensure  => directory,
+		mode    => '700',
+		group   => buildd,
+		owner   => buildd,
+	}
+	file { '/home/buildd/.gnupg/gpg.conf':
+		content  => "personal-digest-preferences SHA512\n",
+		group   => buildd,
+		owner   => buildd,
+	}
 
 	if ! $::buildd_key {
 		exec { 'create-buildd-key':